ThreatLocker now includes SolarWinds as part of its integrations. Utilizing the ThreatLocker SolarWinds integration will synchronize your ThreatLocker organization with sites in your SolarWinds account. This will allow you to generate tickets from ThreatLocker approval requests that appear directly within your SolarWinds Incidents page.
Setting Up the SolarWinds Integration
To begin setting up your SolarWinds Integration with ThreatLocker, navigate to the 'Integrations' page on the left-hand side of the portal.
Within the 'Integrations' page, use the search bar provided to enter 'solarwinds', then select 'Solarwinds Service Desk' from the dropdown.
Selecting this dropdown will open a side panel titled 'Add SolarWinds Integration'. In the 'Details' section, you will see two fields: URL and JSON Web Token.
The URL is the one associated with your SolarWinds account. To obtain the JSON Web Token, you must log in to your SolarWinds account.
Once logged in, within the main page, select the 'gear' icon (labeled 'setup') on the left side of the page.
You will now be directed to the 'Setup Home' page. From here, navigate to 'Users & Groups'.
Now, on the 'Users' page, select the name of the user associated with the account you are logged in under.
On the individual user's page, navigate to 'JSON Web Token' and select 'Show Token'.
Selecting the 'Show Token' button will provide your JSON Web Token. This is required for completing the setup of the SolarWinds ThreatLocker integration. Select 'Copy' below the JSON Web Token.
In your ThreatLocker Portal, paste the JSON Web Token within the allocated field of the 'Add SolarWinds Integration' side panel. Once all information has been entered, select the 'Add' button to create the SolarWinds integration. If all information is correct, this will be added to your list of Configured Integrations.
When you navigate back into your SolarWinds integration, you will see two newly created tabs: 'Company Mapping' and 'Ticket Settings'.
Company Mapping
The 'Company Mapping' tab allows you to associate sites from your SolarWinds account to Organizations in ThreatLocker. Company Mapping is essential when configuring the SolarWinds integration for ticket creation.
First, select your SolarWinds site name within the 'Company Mapping' tab. Now that your integration has been set up, all sites from your SolarWinds account will be available here. If not, you can select the 'Reload SolarWinds Sites' button to reload the list of sites from your account.
Using the 'SolarWinds Sites' dropdown, select the designated site name.
Within the 'ThreatLocker Organizations' field, enter the name of the ThreatLocker organization you would like to map to the chosen SolarWinds site.
Select the '+' button to the right of this field to map this site to the ThreatLocker Organization. The mapped site will appear under these entry fields and can be deleted using the 'trashcan' icon to the right.
To create more Company Mappings, follow the steps above. This page allows you to map multiple sites and organizations to each other, but it must be done one at a time. Once you have mapped at least one organization, select the 'Save' button at the bottom of the page to finalize your settings.
Ticket Settings
The 'Ticket Settings' tab is located to the right of the 'Company Mapping' tab. This section contains some of the same fields that you would see when creating a 'New Incident' within the SolarWinds interface. You can use pre-made settings from SolarWinds or create your own. The 'Ticket Settings' tab displays two sections: 'Ticket Settings' and 'Custom Fields'. The settings you apply in this tab directly affect how tickets generated from ThreatLocker will appear on your Incidents board. The following categories are available for you to customize:
- Category
- Subcategory
- Assigned to
- Group Assignment
- Priority
- State
- Auto Close State
- Escalation State
- Department
The following image is an example of the Ticket Settings page filled out:
The second section of the 'Ticket Settings' tab is 'Custom Fields'. Here, you can select from the list of custom fields. ThreatLocker provides a dropdown labeled 'SolarWinds Custom Field', which displays all custom fields from your SolarWinds account.
Note: Only custom fields with the Field Type 'Dropdown' will be displayed here.
In the field labeled 'Value', you can search for or select from the dropdown which value to apply to this custom field. The values listed will match those applied to the custom field you chose.
Once you have entered the information, select the '+' button to the right of these fields. This will apply your new custom field.
After setting up your 'Ticket Settings', select the 'Save' button to finalize them.
Generating a Ticket
Now that your SolarWinds integration has been properly set up, you can view tickets that populate based on the information you supplied for this Integration. The SolarWinds integration was designed to report when a user submits an approval request. Any time this occurs within an organization to which this integration applies, a ticket will be generated within your SolarWinds Incidents page.
If a request is actioned within the ThreatLocker Response Center before the ticket is actioned on SolarWinds, this ticket will automatically adopt the status that you input for the 'Auto Close State' found in the Ticket Settings tab of the SolarWinds Integration page.